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AMENDMENTS TO THE CLAIMS 

This listing of claims replaces all prior versions, and listings, of claims in the application: 

Listing of Claims; 

1. (Currently Amended) In a security heterogenic computer network supporting 
different security descriptor specifications, the computer network having one or more devices 
that use a first security descriptor that follows a first security descriptor specification to describe 
security permissions related to a particular object, the computer network also having one or more 
devices that use a second security descriptor that follows a second security descriptor 
specification to describe security permissions related to that same particular object, a method of 
replicating in a non-degenerative fashion the first security descriptor with the second security 
descriptor specification, the method facilitating the synchronization of the first and second 
security descriptor specifications so that both security specifications may be used in the 
computer network, the method comprising the following: 

a step for converting the first security descripto r that follows th e first s e curity 

dgscriptor sp e cification into a version of the first security-descriptor that follows the 

second security descriptor specification; ^ 

a step for comparing the converted version of the first security descriptor that 

follows the second security descriptor specification with the second security descriptor 

that also follows th e second security descriptor sp e cification ; and 

an act of changing the second security descriptor to reflect at least som e of the 

changes one security permission change as represented in the converted version of the 

first security descriptor in ord e r to assur eso that any changes to the second security 

descriptor are non-degenerative and reversible; 

an act of undoing the at least one security permission change in the second 

security descriptor; 

a step for converting the second security descriptor into a version of the second 
security descriptor that follows the first security descriptor specification; 
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a step for comparing the converted version of the second security descriptor that 
follows the first security descriptor specification v^ith the first security descriptor; and 

an act of changing the first security descriptor to reflect the undone permission 
change as represented in the converted version of the second security descriptor so that 
any change to the first security descriptor is non-degenerative and reversible . 

2. (Original) A method in accordance with Claim 1, wherein the first security 
descriptor specification is the 4.0 specification. 

3. (Original) A method in accordance with Claim 2, wherein the second security 
descriptor specification is the Active Directory specification. 

4. (Original) A method in accordance with Claim 1, wherein the first security 
descriptor specification is the Active Directory specification. 

5. (Original) A method in accordance with Claim 4, wherein the second security 
descriptor specification is the 4.0 specification. 

6. (Original) A method in accordance with Claim 1, wherein the step for converting 
the first security descriptor that follows the first security descriptor specification into a version of 
the first security descriptor that follows the second security descriptor specification comprises 
the following: 

an act of consulting mapping rules that define mappings of rights of the first 
security descriptor specification to rights of the second security descriptor specification; 

for each right for which there is a corresponding mapping rule, converting the 
right that follows the first security descriptor specification to a corresponding right that 
follows the second security descriptor specification; and 

an act of assembling each corresponding right that follows the second security 
descriptor specification to form a version of the first security descriptor that follows the 
second security descriptor specification. 
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7. (Previously Presented) A method in accordance with Claim 1, wherein the step 
for comparing the converted version of the first security descriptor that follows the second 
security descriptor specification with the second security descriptor that also follows the second 
security descriptor specification comprises the following: 

for each right for which there is a corresponding mapping rule, an act of 
comparing the right in the version of the first security descriptor that follows the second 
security descriptor specification to the right in the second security descriptor; and 

based on the act of comparing, an act of detecting changes in the first security 
descriptor that are not reflected in the second security descriptor. 
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8. (Currently Amended) In a security heterogenic computer network supporting 
different security descriptor specifications, the computer network having one or more devices 
that use a first security descriptor that follows a first security descriptor specification to describe 
security permissions related to a particular object, the computer network also having one or more 
devices that use a second security descriptor that follows a second security descriptor 
specification to describe security permissions related to that same particular object, a method of 
replicating in a non-degenerative fashion the first security descriptor with the second security 
descriptor specification, the method facilitating the synchronization of the first and second 
security descriptor specifications so that both security specifications may be used in the 
computer network, the method comprising the following: 

an act of consulting mapping rules that define mappings of rights efbetween the 

first security descriptor specification to rights o f and the second security descriptor 

specification; 

for each right of the first security descriptor specification for which there is a 
corresponding mapping rule, converting the right that follows the first security descriptor 
specification to a corresponding right that follows the second security descriptor 
specification; 

an act of assembling each corr e sponding converted right that follows the second 
security descriptor specification to form a version of the first security descriptor that 
follows the second security descriptor specification; 

for each right for which ther e is a corresponding mapping rule, an act of 
comparing the -each converted right in the version of the first security descriptor that 
follows the second security descriptor specification to the corresponding right in the 
second security descriptor; 

based on the act of comparin g each converted right in the version of the first 
security descriptor that follows the second security descriptor specification , an act of 
detecting one or more changes in the converted first security descriptor that are not 
reflected in the second security descriptor; and 

an act of changing the second security descriptor to reflect the detected one or 
more changes in the first security descriptor in ord e r to assure so that changes to the 
second security descriptor are non-degenerative and reversible; 
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an act of changing one or more rights in the second security descriptor; 

for each right of the second security descriptor specification for which there is a 
corresponding mapping rule, converting the right that follows the second security 
descriptor specification to a corresponding right that follows the first security descriptor 
specification; 

an act of assembling each converted right that follows the first security descriptor 
specification to form a version of the second security descriptor that follows the first 
security descriptor specification; 

an act of comparing each converted right in the version of the second security 
descriptor that follows the first security descriptor specification to the corresponding right 
in the first security descriptor; 

based on the act of comparing each converted right in the version of the second 
security descriptor that follows the first security descriptor specification, an act of 
detecting one or more changes in the converted second security descriptor that are not 
reflected in the first security descriptor; and 

an act of changing the first security descriptor to reflect the detected one or more 
changes in the second security descriptor so that changes to the first security descriptor 
are non-degenerative and reversible . 



9. (Original) A method in accordance with Claim 8, wherein the first security 
descriptor specification is the 4.0 specification. 

10. (Original) A method in accordance with Claim 9, wherein the second security 
descriptor specification is the Active Directory specification. 

11. (Original) A method in accordance with Claim 8, wherein the first security 
descriptor specification is the Active Directory specification. 

12. (Original) A method in accordance with Claim 11, wherein the second security 
descriptor specification is the 4.0 specification. 
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13. (Currently Amended) A computer program product for use in a security 
heterogenic computer network supporting different security descriptor specifications, the 
computer network having one or more devices that use a first security descriptor that follows a 
first security descriptor specification to describe security permissions related to a particular 
object, the computer network also having one or more devices that use a second security 
descriptor that follows a second security descriptor specification to describe security permissions 
related to that same particular object, the computer program product for implementing a method 
of replicating in a non-degenerative fashion the first security descriptor with the second security 
descriptor specification, the method facilitating the synchronization of the first and second 
security descriptor specifications so that both security specifications may be used in the 
computer network, the computer program product comprising a computer-readable medium 
having computer-executable instructions for performing the following: 

a step for converting the first security descriptor that follows th e first security 

d e scriptor sp e cification into a version of the first security descriptor that follows the 

second security descriptor specification; 

a step for comparing the converted version of the first security descriptor that 

follows the second security descriptor specification with the second security descriptor 

that also follows th e s e cond s e curity d e scriptor specifi^cation ; and 

an act of changing the second security descriptor to reflect at least some of the 

changes one security permission change as represented in the converted version of the 

first security descriptor in ord e r to assur eso that any chang e s change to the second 

security descriptor we-is_non-degenerative and reversible; 
an act of changing the second security descriptor: 

a step for converting the second security descriptor into a version of the second 
security descriptor that follows the first security descriptor specification; 

a step for comparing the converted version of the second security descriptor that 
follows the first security descriptor specification with the first security descriptor; and 

an act of changing the first security descriptor to reflect the change to the second 
security descriptor so that change to the first security descriptor is non-degenerative and 
reversible. 
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14. (Original) A computer program product in accordance with Claim 13, wherein the 
first security descriptor specification is the 4.0 specification. 

15. (Original) A computer program product in accordance with Claim 14, wherein the 
second security descriptor specification is the Active Directory specification. 

16. (Original) A computer program product in accordance with Claim 14, wherein the 
first security descriptor specification is the Active Directory specification. 

17. (Original) A computer program product in accordance with Claim 16, wherein the 
second security descriptor specification is the 4.0 specification. 

18. (Original) A computer program product in accordance with Claim 13, wherein the 
computer-executable instructions for performing the step for converting the first security 
descriptor that follows the first security descriptor specification into a version of the first security 
descriptor that follows the second security descriptor specification comprise computer- 
executable instructions for performing the following: 

an act of consulting mapping rules that define mappings of rights of the first 
security descriptor specification to rights of the second security descriptor specification; 

for each right for which there is a corresponding mapping rule, converting the 
right that follows the first security descriptor specification to a corresponding right that 
follows the second security descriptor specification; and 

an act of assembling each corresponding right that follows the second security 
descriptor specification to form a version of the first security descriptor that follows the 
second security descriptor specification. 



Page 8 of 19 



• # 

Application No. 09/609,197 

Amendment "B" dated April 29, 2004 

Reply to Office Action mailed December 3 1 , 2003 

19. (Previously Presented) A computer program product in accordance with Claim 
13, wherein the computer-executable instructions for performing the step for comparing the 
converted version of the first security descriptor that follows the second security descriptor 
specification with the second security descriptor that also follows the second security descriptor 
specification comprise computer-executable instructions for performing the following: 

for each right for which there is a corresponding mapping rule, an act of 

comparing the right in the version of the first security descriptor that follows the second 

security descriptor specification to the right in the second security descriptor; and 

based on the act of comparing, an act of detecting changes in the first security 

descriptor that are not reflected in the second security descriptor. 
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20. (Currently Amended) A computer program product for use in a security 
heterogenic computer network supporting different security descriptor specifications, the 
computer network having one or more devices that use a first security descriptor that follows a 
first security descriptor specification to describe security permissions related to a particular 
object, the computer network also having one or more devices that use a second security 
descriptor that follows a second security descriptor specification to describe security permissions 
related to that same particular object, a computer program product for implementing a method of 
replicating in a non-degenerative fashion the first security descriptor with the second security 
descriptor specification, the method facilitating the synchronization of the first and second 
security descriptor specifications so that both security specifications may be used in the 
computer network, the computer program product comprising a computer-readable medium 
having computer-executable instructions for performing the following: 

an act of consulting mapping rules that define mappings of rights efbetween the 

first security descriptor specification to rights o f and the second security descriptor 

specification; 

for each right of the first security descriptor specification for which there is a 
corresponding mapping rule, converting the right that follows .the first security descriptor 
specification to a corresponding right that follows the second security descriptor 
specification; 

an act of assembling each corresponding converted right that follows the second 
security descriptor specification to form a version of the first security descriptor that 
follows the second security descriptor specification; 

for e ach right for which there is a corr e sponding mapping rule, an act of 
comparing the -each converted right in the version of the first security descriptor that 
follows the second security descriptor specification to the corresponding right in the 
second security descriptor; 

based on the act of comparin g each converted right in the version of the first 
security descriptor that follows the second security descriptor specification , an act of 
detecting one or more changes in the converted first security descriptor that are not 
reflected in the second security descriptor; and 
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an act of changing the second security descriptor to reflect the detected one or 
more changes in the first security descriptor in order to assure so that any changes to the 
second security descriptor are non-degenerative and reversible; 

an act of undoing the change to the second securitv descriptor: 
for each right of the second security descriptor specification for which there is a 
corresponding mapping rule, converting the right that follows the second securitv 
descriptor specification to a corresponding right that follows the first securitv descriptor 
specification; 

an act of assembling each converted right that follows the first securitv descriptor 
specification to form a version of the second securitv descriptor that follows the first 
securitv descriptor specification: 

an act of comparing each converted right in the version of the second securitv 
descriptor that follows the first securitv descriptor specification to the corresponding right 
in the first securitv descriptor: 

based on the act of comparing each converted right in the version of the second 
securitv descriptor that follows the first securitv descriptor specification, an act of 
detecting one or more changes in the converted second securitv descriptor that are not 
reflected in the first securitv descriptor: and _ 

an act of changing the first securitv descriptor to reflect the detected one or more 
changes in the second securitv descriptor so that anv changes to the first securitv 
descriptor are non-degenerative and reversible . 

21. (Original) A computer program product in accordance with Claim 20, wherein the 
first security descriptor specification is the 4.0 specification. 

22. (Original) A computer program product in accordance with Claim 21, wherein the 
second security descriptor specification is the Active Directory specification. 

23. (Original) A computer program product in accordance with Claim 20, wherein the 
first security descriptor specification is the Active Directory specification. 
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24. (Original) A computer program product in accordance with Claim 23, wherein the 
second security descriptor specification is the 4.0 specification. 
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25. (Currently Amended) A computer system comprising the following: 
a processing device; and 

a combination of one or more computer-readable media which in combination 
have stored thereon the following: 

a first data structure that represents a first security descriptor that follows a 
first security descriptor specification and that represents an object; 

a second data structure that represents a second security descriptor that 
follows a second security descriptor specification and that also represents the 
object; 

a third data structure that represent mapping rules that correlate sets of one 
or more rights of the first security descriptor specification which sets of one or 
more rights of the second security descriptor specification; and 

computer-executable instruction that, when executed by the processor, 
perform the following: 

a step for converting the first security descripto r that follows the 
first s e curity descriptor sp e cification into a version of the first security 
descriptor that follows the second security descriptor specification; 

a step for comparing the converted version of the first security 
descriptor that follows the second security descriptor specification with 
the second security descripto r that also follows th e s e cond s e curity 
descriptor sp e cification ; and 

an act of changing the second security descriptor to reflect at least 
some of the chang e s one change as represented in the converted version of 
the first security descriptor in ord e r to assure so that any chang e s change to 
the second security descriptor aFe-is_non-degenerative and reversible; 

an act of changing the second security descriptor; 

a step for converting the second security descriptor into a version 
of the second security descriptor that follows the first security descriptor 
specification; 
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a step for comparing the converted version of the second security 
descriptor that follows the first security descriptor specification with the 
first security descriptor; and 

an act of changing the first security descriptor to reflect the change 
to the second security descriptor so that change to the first security 
descriptor is non -de generative and reversible . 



26. (Cancelled) 
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